nginx动静分离
实验环境
| 主机 | IP | 服务 |
|---|---|---|
| LB centos8 | 192.168.200. 150 | nginx |
| RS1 Redhat8 | 192.168.200.145 | apache |
| RS2 Redhat8 | 192.168.200.146 | Lnmp |
1. 反向代理与负载均衡
nginx通常被用作后端服务器的反向代理,这样就可以很方便的实现动静分离以及负载均衡,从而大大提高服务器的处理能力。
nginx实现动静分离,其实就是在反向代理的时候,如果是静态资源,就直接从nginx发布的路径去读取,而不需要从后台服务器获取了。
但是要注意,这种情况下需要保证后端跟前端的程序保持一致,可以使用Rsync做服务端自动同步或者使用NFS、MFS分布式共享存储。
Http Proxy`模块,功能很多,最常用的是`proxy_pass`和`proxy_cache
如果要使用proxy_cache,需要集成第三方的ngx_cache_purge模块,用来清除指定的URL缓存。这个集成需要在安装nginx的时候去做,如:
./configure --add-module=../ngx_cache_purge-1.0 ......
nginx通过upstream模块来实现简单的负载均衡,upstream需要定义在http段内
在upstream段内,定义一个服务器列表,默认的方式是轮询,如果要确定同一个访问者发出的请求总是由同一个后端服务器来处理,可以设置ip_hash,
LB配置
安装nginx
//关闭防火墙
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
//创建用户
[root@localhost src]# useradd -r -M -s /sbin/nologin nginx
//安装依赖环境(这是lnmp的所有环境)
[root@localhost ~]# yum -y install epel-release
[root@localhost src]# yum -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
[root@localhost src]# yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make ncurses-devel cmake mariadb-devel ncurses-compat-libs libxml2 libxml2-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel php-mysqlnd libsqlite3x-devel oniguruma libzip-devel
//解压
[root@localhost ~]# cd /usr/src/
[root@localhost src]# ls
debug
kernels
mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
nginx-1.20.1.tar.gz
php-8.0.10.tar.xz
[root@localhost src]# tar xf nginx-1.20.1.tar.gz -C /usr/local/
//创建日志存放目录
[root@localhost src]# mkdir -p /var/log/nginx
[root@localhost src]# chown -R nginx.nginx /var/log/nginx
//编译安装
[root@localhost nginx-1.20.1]# cd /usr/local/nginx-1.20.1/
[root@localhost nginx-1.20.1]# ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-debug \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
&& make && make install
//环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@localhost ~]# . /etc/profile.d/nginx.sh
[root@localhost ~]# nginx
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
修改配置文件
[root@LB ~]# vim /usr/local/nginx/conf/nginx.conf
upstream static {
server 192.168.200.145;
}
upstream dynamic{
server 192.168.200.146;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://static;
}
.....
location ~ \.php$ {
proxy_pass http://dynamic;
}
[root@LB ~]# nginx -s reload
RS1
安装apache
// 安装开发工具包
[root@localhost ~]# yum groups mark install 'Development Tools'
//创建用户
[root@localhost ~]# useradd -r -M -s /sbin/nologin apache
//安装依赖包
yum -y install openssl-devel pcre-devel expat-devel libtool gcc gcc-c++ make
//拉取软件包
[root@localhost ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-util-1.6.1.tar.gz
[root@localhost ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/apr/apr-1.7.0.tar.gz
[root@localhost ~]# wget https://mirrors.tuna.tsinghua.edu.cn/apache/httpd/httpd-2.4.49.tar.gz
[root@localhost src]# ls
apr-1.7.0.tar.gz debug kernels
apr-util-1.6.1.tar.gz httpd-2.4.49.tar.gz
//解压软件包
[root@localhost src]# tar xf apr-util-1.6.1.tar.gz
[root@localhost src]# tar xf apr-1.7.0.tar.gz
[root@localhost src]# tar xf httpd-2.4.49.tar.gz
//进入apr-1.7.0的configure删除这一行
$RM "$cfgfile"
//编译apr
[root@localhost apr-1.7.0]# ./configure --prefix=/usr/local/apr && make && make install
//编译apr-util
[root@localhost apr-util-1.6.1]# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr/ && make && make install
//编译安装httpd
[root@localhost httpd-2.4.49]# ./configure --prefix=/usr/local/apache \
> --enable-so \
> --enable-ssl \
> --enable-cgi \
> --enable-rewrite \
> --with-zlib \
> --with-pcre \
> --with-apr=/usr/local/apr \
> --with-apr-util=/usr/local/apr-util/ \
> --enable-modules=most \
> --enable-mpms-shared=all \
> --with-mpm=prefork
[root@localhost httpd-2.4.49]# make && make install
//设置环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/apache/bin:$PATH' > /etc/profile.d/httpd.sh
[root@localhost ~]# source /etc/profile.d/httpd.sh
//头文件软连接
[root@localhost ~]# ln -s /usr/local/apache/include/ /usr/include/apache
//帮助文档
[root@localhost ~]# vim /etc/man_db.conf
MANDATORY_MANPATH /usr/local/apache/m
an
//取消注释
[root@localhost ~]# vim /usr/local/apache/conf/httpd.conf
ServerName www.example.com:80
//编写服务控制脚本
[root@localhost ~]# cat /usr/lib/systemd/system/httpd.service
[Unit]
Description=HTTPD server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/apache/bin/apachectl start
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/usr/local/apache/bin/apachectl stop
[Install]
WantedBy=multi-user.target
//设置开机自启
[root@localhost ~]# systemctl enable --now httpd
[root@localhost ~]# systemctl status httpd
● httpd.service - HTTPD server daemon
Loaded: loaded (/usr/lib/systemd/system/httpd.service; >
Active: active (running) since Thu 2021-09-23 15:59:20 >
Process: 175327 ExecStop=/usr/local/apache/bin/apachectl>
Process: 177184 ExecStart=/usr/local/apache/bin/apachect>
Main PID: 177187 (httpd)
RS2
1. Nginx
//关闭防火墙
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
//创建用户
[root@localhost src]# useradd -r -M -s /sbin/nologin nginx
//安装依赖环境(这是lnmp的所有环境)
[root@localhost ~]# yum -y install epel-release
[root@localhost src]# yum -y install http://mirror.centos.org/centos/8-stream/PowerTools/x86_64/os/Packages/oniguruma-devel-6.8.2-2.el8.x86_64.rpm
[root@localhost src]# yum -y install pcre-devel openssl openssl-devel gd-devel gcc gcc-c++ make ncurses-devel cmake mariadb-devel ncurses-compat-libs libxml2 libxml2-devel bzip2 bzip2-devel libcurl libcurl-devel libicu-devel libjpeg libjpeg-devel libpng libpng-devel openldap-devel pcre-devel freetype freetype-devel gmp gmp-devel libmcrypt libmcrypt-devel readline readline-devel libxslt libxslt-devel mhash mhash-devel php-mysqlnd libsqlite3x-devel oniguruma libzip-devel
//解压
[root@localhost ~]# cd /usr/src/
[root@localhost src]# ls
debug
kernels
mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
nginx-1.20.1.tar.gz
php-8.0.10.tar.xz
[root@localhost src]# tar xf nginx-1.20.1.tar.gz -C /usr/local/
//创建日志存放目录
[root@localhost src]# mkdir -p /var/log/nginx
[root@localhost src]# chown -R nginx.nginx /var/log/nginx
//编译安装
[root@localhost nginx-1.20.1]# cd /usr/local/nginx-1.20.1/
[root@localhost nginx-1.20.1]# ./configure \
--prefix=/usr/local/nginx \
--user=nginx \
--group=nginx \
--with-debug \
--with-http_ssl_module \
--with-http_realip_module \
--with-http_image_filter_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_stub_status_module \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
&& make && make install
//环境变量
[root@localhost ~]# echo 'export PATH=/usr/local/nginx/sbin:$PATH' > /etc/profile.d/nginx.sh
[root@localhost ~]# . /etc/profile.d/nginx.sh
[root@localhost ~]# nginx
[root@localhost ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
2. mysql
//创建用户
[root@localhost src]# useradd -r -M -s /sbin/nologin mysql
//解压
[root@localhost src]# tar xf mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@localhost src]# cd /usr/local/
//软连接
[root@localhost local]# mv mysql-5.7.31-linux-glibc2.12-x86_64/ mysql
[root@localhost local]# chown -R mysql.mysql mysql/
//头文字连接
[root@localhost local]# ln -s /usr/local/mysql/include /usr/include/mysql
//库文件
[root@localhost local]# vim /etc/ld.so.conf.d/mysql.conf
/usr/local/mysql/lib
[root@localhost local]# ldconfig
//创建数据存放目录
[root@localhost local]# mkdir /opt/data
[root@localhost local]# chown -R mysql.mysql /opt/data
//环境变量
[root@localhost local]# echo 'export PATH=/usr/local/mysql/bin:$PATH' > /etc/profile.d/mysql.sh
[root@localhost local]# . /etc/profile.d/mysql.sh
//初始化
[root@localhost local]# mysqld --initialize-insecure --user mysql --datadir /opt/data
2021-10-26T05:09:53.834671Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-10-26T05:09:53.995344Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-10-26T05:09:54.023409Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-10-26T05:09:54.027736Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: f4793834-361a-11ec-875c-000c292bb2f4.
2021-10-26T05:09:54.028523Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-10-26T05:09:54.496140Z 0 [Warning] CA certificate ca.pem is self signed.
2021-10-26T05:09:54.749748Z 1 [Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
//编写配置文件
[root@localhost local]# cat > /etc/my.cnf << EOF
> [mysqld]
> basedir = /usr/local/mysql
> datadir = /opt/data
> socket = /tmp/mysql.sock
> port = 3306
> pid-file = /opt/data/mysql.pid
> user = mysql
> skip-name-resolve
> EOF
//编写服务控制脚本
[root@localhost local]# cat > /usr/lib/systemd/system/mysqld.service << EOF
[Unit]
Description=Mysql server daemon
After=network.target sshd-keygen.target
[Service]
Type=forking
ExecStart=/usr/local/mysql/support-files/mysql.server start
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/usr/local/mysql/support-files/mysql.server stop
[Install]
WantedBy=multi-user.target
basedir=/usr/local/mysql
datadir=/opt/data
EOF
//启动服务
[root@localhost local]# systemctl daemon-reload
[root@localhost local]# systemctl start mysqld
[root@localhost local]# systemctl enable --now mysqld
Created symlink /etc/systemd/system/multi-user.target.wants/mysqld.service → /usr/lib/systemd/system/mysqld.service.
[root@localhost local]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
3. php
//解压
[root@localhost src]# tar xf php-8.0.10.tar.xz -C /usr/local/
[root@localhost src]# cd /usr/local/php-8.0.10/
//编译安装
[root@localhost nginx]# ./configure --prefix=/usr/local/php8 \
--with-config-file-path=/etc \
--enable-fpm \
--disable-debug \
--disable-rpath \
--enable-shared \
--enable-soap \
--with-openssl \
--enable-bcmath \
--with-iconv \
--with-bz2 \
--enable-calendar \
--with-curl \
--enable-exif \
--enable-ftp \
--enable-gd \
--with-jpeg \
--with-zlib-dir \
--with-freetype \
--with-gettext \
--enable-mbstring \
--enable-pdo \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-readline \
--enable-shmop \
--enable-simplexml \
--enable-sockets \
--with-zip \
--enable-mysqlnd-compression-support \
--with-pear \
--enable-pcntl \
--enable-posix \
&& make && make install
//环境变量
[root@localhost php-8.0.10]# echo 'export PATH=/usr/local/php8/bin:$PATH' > /etc/profile.d/php.sh
[root@localhost php-8.0.10]# . /etc/profile.d/php.sh
//配置php
[root@localhost php-8.0.10]# cp sapi/fpm/init.d.php-fpm /etc/init.d/php-fpm
[root@localhost php-8.0.10]# chmod +x /etc/init.d/php-fpm
[root@localhost php-8.0.10]# cd /usr/local/php8
[root@localhost php8]# cd etc/
[root@localhost etc]# cp php-fpm.conf.default php-fpm.conf
[root@localhost etc]# cd php-fpm.d/
[root@localhost php-fpm.d]# cp www.conf.default www.conf
[root@localhost php-fpm.d]# ls
www.conf www.conf.default
//启动
[root@localhost php-fpm.d]# service php-fpm start
Starting php-fpm done
[root@localhost php-fpm.d]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 *:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
4. 配置nginx
//配置网页文件
[root@localhost nginx]# cd html/
[root@localhost html]# vim index.php
<?php
phpinfo();
?>
[root@localhost html]# chown -R nginx.nginx index.php
//修改配置文件
[root@localhost nginx]# vim conf/nginx.conf
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.php index.html index.htm;
}
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/local/nginx/html$fastcgi_script_name;
include fastcgi_params;
}
[root@localhost ~]# nginx -s reload
2. 测试
761
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
